Robert Fullagar CISSP CISM CRISC Clas CEH - PowerPoint PPT Presentation

1 / 23
About This Presentation
Title:

Robert Fullagar CISSP CISM CRISC Clas CEH

Description:

Robert Fullagar CISSP CISM CRISC Clas CEH Security is everyone s responsibility Security Programme Structure and Methodology Contents People Structure Key ... – PowerPoint PPT presentation

Number of Views:225
Avg rating:3.0/5.0
Slides: 24
Provided by: RFullagar
Category:
Tags: ceh | cism | cissp | crisc | clas | fullagar | robert

less

Transcript and Presenter's Notes

Title: Robert Fullagar CISSP CISM CRISC Clas CEH


1
  • Robert Fullagar CISSP CISM CRISC Clas CEH

Security is everyones responsibility
2
Security Programme Structure and Methodology
  • Contents
  • People Structure
  • Key positions
  • Roles of individuals
  • Methodology/Approach
  • Deliverables

3
People
Senior Manager/Board Member
Business Representatives
Business Representatives
Business Representatives
Business Representatives
Senior Security SME
Programme Manager
Project Managers
Delivery Teams
External Resource
Security SME
4
Delivery Team Structure
Programme Manager
Security SME
Project Manager
Infrastructure Lead
External Resource
Doers
5
Other People
Security Architects
Legal Specialist
PMO Support
Technical Architects
Procurement
HR
Etc
6
Roles
Senior Manager/Board Member
  • Influencer
  • Has a vested interest in improving security
  • Can keep the momentum going
  • Able to procure budget

7
Roles
Business Representatives
Business Representatives
Business Representatives
Business Representatives
  • Set/agree scope for the business area
  • Set priority based on risk for the business area
  • Monitor progress
  • They are decision makers

8
Roles
Senior Security SME
Programme Manager
Project Managers
  • Action the decisions of the business
    representatives
  • Translate the business and technical requirements
  • Bring resource and structure to deliver the scope
  • Provide budgetary figures to the programme board
  • Select and evaluate solutions

9
Roles
Delivery Teams
External Resource
Security SME
  • These are the doers, the engine room
  • The detail people, they bring to bear that
    detailed specific knowledge
  • They do the actual work, hands on work
  • They help make the projects boards scope a reality

10
Initiator
  • Legislative
  • Contractual
  • External standards
  • Business driver or direction
  • Infrastructure replacement project
  • Consolidate security in finished project
  • Because its Best Practice

11
What happens when
Discovery 6-18 Months
Risk Assessment provides Input to phase 1
Phase 0
Phase 0 Eye on Phase 1 scope and long term
strategy
Foundation 18 months 2 years
Delivery phase 1 scope
Phase 1
Phase 1 Define long term strategy
Leverage 2-5 Years
Phase 2
Delivery phase 2 scope
BAU Security Cycle
12
Board Deliverables
Senior Manager/Board Member
Business Representatives
Business Representatives
Business Representatives
Business Representatives
  • Phase 0 - Scope
  • Business area
  • Drivers why
  • Financial commitment
  • Time and resource commitment
  • Draft strategy

13
Programme Deliverables
Senior Security SME
Programme Manager
Project Managers
Delivery Teams
External Resource
Security SME
  • Phase 0
  • Plan Resource and tasks
  • Budget /- 100
  • Approach
  • Quick wins
  • Minimal cost
  • Risk Assessment

14
Board Deliverables
Senior Manager/Board Member
Business Representatives
Business Representatives
Business Representatives
Business Representatives
  • Phase 1
  • Priorities the items from the risk assessment
  • Financial support
  • Allocate and commit resource
  • Long term strategy

15
Programme Deliverables
Senior Security SME
Programme Manager
Project Managers
Delivery Teams
External Resource
Security SME
  • Phase 1
  • Risk assessment
  • Proposals to remediate
  • Accurate costs
  • Plan, time and resource
  • Deliver agreed scope

16
Summary
Phase 0
  • Phase 0
  • Business Driver
  • Vision
  • Initial Budget
  • Commitment

Board
Programme
17
Summary
Phase 0
  • Phase 0
  • Plan
  • Budget
  • Approach
  • Quick wins

Board
Programme
18
Summary
Phase 1
Board
GO
19
Summary
Phase 1
  • Phase 1
  • Risk Assessment
  • Remediation actions
  • Budget to remediate
  • Outline plan

Board
Programme
20
Summary
Phase 1
  • Phase 1
  • Priorities Risks
  • Financial support
  • Commitment
  • Agree plans

Board
Programme
21
Summary
Phase 1
Board
Long term strategy
22
BAU Security
Plan
Do
Act
Check
23
Thank You
  • Questions
Write a Comment
User Comments (0)
About PowerShow.com